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1 . Introduction 
1 . 1 Overview 

Project MoblDIC has been set up to investigate and, if commercially viable 
launch information services to support mobile customers (as workers and ' 
consumers) who carry a Personal Digital Assistant (PDA). These services must 
support delivery and transmission of information from the PDA using an "air 
interface" (specifically via GSM networks) and typically will be provided using 
nternet protocols. Support for existing Internet services, primarily World Wide 
Web browsing must be offered. 

MoblDIC is investigating (by prototyping and piloting) the feasibility of a 
softgoods' electronic commerce service and opportunities for mobile Internet 
based data services. The team are using smart cards and electronic cash for 
the payment mechanisms and identification. The cards will be connected to 
small portable computers running an internet browser connected to "the 
Internet via a GSM data service. Example services will be available to 
demonstrate three principal payment types: 

• consumer to retailer, to pay for: 

• database query 

• file download' 

• time behind a link 2 

• bank to consumer 

• electronic cash withdrawal 

• electronic cash deposit 

• consumer to consumer 

In the 'softgoods' e-commerce business plan, there are two principal markets 
envisaged: private networks (intranet) and public networks (Internet) The 
commerce concepts are network and access device independent Mobile 
access devices were selected as the target clients because of the easy and 



Not available at pilot launch 
Not available at pilot launch 
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j low cost way in which network access can be offered and because of the 

importance of mobile access to the European market. 

The Mobile data opportunities also divide similarly into two segments: private 
networks and public networks. The private networks further subdivide into 
Blue Collar' and White Collar' workforces. 

1 .2 Purpose and Scope 

The main purposes of this document are, given the business requirements 
documented in (BA), to: 

• list the " events" through which the system as a whole will be stimulated to 
provide some response 

• describe the " user view" of each event 

• present a high level system architecture 

• with reference to the system architecture, specify the underlying 

. processing and messaging caused by each event, with particular 
emphasis on interfaces where components are to be developed by 
different parties. 

Detailed interface specifications, which are necessary to ensure that systems 
produced by different organisations will work together to produce the 
intended results will be produced later, derived from this document. 

From the interface specifications, software specifications will be produced for 
components requiring a high level of bespoke software development. 

1 .3 Related Documents 

(BA) MoblDIC Business Analysis, Version 3.0, 08Oct96 

(IFD-IFD) Mondex IFD-IFD Application Interface Specification, Version 2 0 
1 7Nov95 

(IFD-PA) Mondex IFD Purse Application Interface Specification, Version 
1 .0, 1 7Nov95 

1 .4 Structure 

The remainder of this document has the following structure: 

2. EXTERNAL EVENTS, specifying the external events 

3. USER INTERFACE, giving a high level description of the "user experience" 
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4. ARCHITECTURE, describing the main components 

5. INTERFACES, specifying message flows between components. 



mmm 
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2, External Events 

External events cause the system as a whole, to take some action which may 
be: 

(1 ) to output some information 

(2) to change the system's state, i.e. to alter its response to some future 
external event 

(3) a combination of (1) and (2). 

The events are classified in the table below according to whether they are 
issued by "end users" from PDAs (prefixed by 'IT) by systems administrators 
(prefixed by 'A') or by electronic links to external systems (prefixed by 'E'). 

Note that many of the requirements in (BA) are not directly represented 
below because the requirements are fulfilled as a consequence of one of the 
events: thus Requirement RIO " Clients shall be able to pay for items delivered 
by http using an electronic purse" is met as a consequence of the processinq 
initiated by Events 111, U2 and U3. 



Event - . Description ,&^m^^mSS^m^MSSBS& 



U1 
U2 
U3 
U4 



U5 
U6 
U7 
U8 
U9 



Request restaurant search 
Request event search 
Request flight information 
Request GIN information 

For the initial phase of the pilot only ' request/ response' 
commands will be supported; 'trigger' commands will be 
implemented only if time allows. 

Withdraw Mondex cash 

Deposit Mondex cash 

View bank account balance 

Clear Mondex card exception log 

Unlock "locked out" Mondex card 
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Al Initialise restaurant information 

This will be a one-off process at the start of the pilot; if further 
pilot phases are planned, a means of keeping this information 
current will be devised 

A2 Initialise event information 

This will be a one-off process at the start of the pilot; if further 
pilot phases are planned, a means of keeping this information 
current will be devised 

A3 Initialise flight information 

This will occur on a daily basis, with flights for "today" and 
"tomorrow" loaded. 

A5 Update GIN information 

This utilises the existing GIN services; no new processing is j 
■ required j 

A6 Set up bank accounts 

At the discretion of NatWest Bank, these could be "stand 
alone" accounts, with no means of access other than via the 
MoblDIC facilities (e.g. ATMs cannot be used) 

El Update flight information 

. This occurs in real time 
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3. User Interface 
3. 1 Restaurant Search 

I. using the standard browser interface, the user will view Timeout's 
MoblDIC home page 

II. the home page will present options to "search for restaurant" and 
" search for event" 

III. on selecting * restaurant" , the user will be presented with a form, with 
" check box" options for: 

• area 

• cuisine type 

• payment methods 

• air conditioning. 

IV. on submitting the form the user will be presented with a list of 
restaurants satisfying the criteria (each in the form of a hypertext link), 
with a commentary of the form " TOp to view restaurant detail" 

V. on selecting a restaurant, the user will be presented with a Mondex 
wallet screen, stipulating the price, a reminder to insert a Mondex card 
and an option to pay or cancel 

VI. on selecting 'pay': 

A. the user is presented with a Newton " name card" containing the 
restaurant information, stored within the "In box" 

B. a " digital, receipt" containing details of the purchase (vendor, 
item, price) will also be filed in the " In box" , but will not be 
automatically displayed to the user 

VII. on closing or filing the name card, the user will return to the screen 
listing the restaurants which satisfied the search parameters, and may 
wish to select another restaurant or browse elsewhere. 

3.2 Event Search 

I. using the standard browser interface, the user will view Timeout's 
MoblDIC home page 

II. the home page will present options to " search for restaurant" and 
" search for event" 
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III. on selecting " event" , the user will be presented with a form, with 
"checkbox" options for: 

• artist 

• venue 

• date 

• price. 

IV. on submitting the form the user will be presented with a list of events 
satisfying the criteria (each in the form of a hypertext link), with a 
commentary of the form " 1 Op to view event detail" 

V. on selecting an event, the user will be presented with a Mondex wallet 
screen, stipulating the price, a reminder to insert a Mondex card and 
an option to pay or cancel 

VI. on selecting 'pay': . 

A. the user is presented with a Newton * meeting slip" containing 
the event information, stored within the " In box" 

B. a * digital receipt" containing details of the purchase (vendor, 
item, price, etc.) will also be filed in the " In box", but will not be 
automatically displayed to' the user 

VII. on closing or filing the meeting slip, the user will return to the screen 
listing the events which satisfied the search parameters, and may wish 
to select another event or browse elsewhere. 



3.3 Request Flight Information 

I. using the standard browser interface, the user will view Schiphol's 
MoblDIC home page 

II. the home page will present options for " arrivals" and " departures" 

III. on selecting one of the above options, the user will be presented with a 
form to enable searching/selection based on some combination of: 

• airline 

• flight number 

• arrival/departure time at Schiphol 

• originating or destination city/airport. 

V. on submitting the form the user will be presented with a list of flights 
satisfying the criteria (each in the form of a hypertext link), with a 
commentary of the form " lOp to view event detail" 

/. on selecting a flight, the user will be presented with a Mondex wallet 
screen, describing the "goods" to be purchased, the price, a reminder 
to insert a Mondex card and an option to pay or cancel 
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VI. on selecting 'pay': 

A. the user is presented with a Newton " meeting slip" containing 
the flight information, stored within the " In box" 

B. a " digital receipt" containing details of the purchase (vendor 
item, price) will also be filed in the " In box" , but will not be 
automatically displayed to the user. 

VII. on closing or filing the meeting slip, the user will return to the screen 
listing the flights which satisfied the search parameters, and may wish to 
select another flight or browse elsewhere. 



3.4 Request GIN Information 

1 . user fires up GIN specific package on Newton 

2. user selects information category from range of icons (taken from GIN 
brochure ware) 

3. user selects specific query using pull down menus and possibly other 
Newton "look and feel" artefacts 

4. user submits query by tapping a 'Submit' button 

5. results of query, are stored in the In box and displayed to the user in a 
textual form 

6. on closing or filing the results, the user is returned to the screen showing 
icons representing the categories of GIN services. 



3.5 Withdraw Mondex cash 

1 . user accesses NatWest Bank's MoblDIC home page, which reminds him 
that his Mondex card must be inserted to access his account and 
provides a button to tap when the card is inserted 

2. assuming the correct Mondex card is inserted, the user will be presented 
with a screen which displays 

• account name and number 

an account balance (note that most bank accounting systems 
do not provide real time balances; balances are usually updated 
daily) 

funds available for withdrawal (based upon account balance 
and a daily limit) 

» a field for entering an amount of money (in pounds sterling) to be 
withdrawn (or deposited) 

buttons for initiating a Mondex withdrawal or deposit and for 
accessing customer service. 
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3. when the user taps 'withdraw', assuming funds are available, he is 
displayed the same screen but with updated 'balance' and 'available' 
figures. 

3.6 Deposit Mondex cash 

1 . user accesses NatWest Bank's MoblDIC home page, which reminds him 
that his Mondex card must be inserted to access his account, and 
provides a button to tap when the card is inserted. 

2. assuming the correct Mondex card is inserted, the user will be presented 
with a screen which displays: 

• account name and number 

an account balance (note that most bank accounting systems 
do not provide real time balances; balances are usually updated 
daily) 

• funds available for withdrawal (based upon account balance 
and a daily limit) 

a field for entering an amount of money (in pounds sterling) to be 
deposited (or withdrawn) 

buttons for initiating a Mondex withdrawal or deposit and for 
accessing customer service. 

3. when the user taps 'withdraw', assuming funds are available, he is 
displayed the same screen but with updared 'balance' and'available' 
figures. 



3.7 View Bank Account Balance 

1 . user accesses NatWest Bank's MoblDIC home page, which reminds him 
that his Mondex card must be inserted to access his account, and 
provides a button to tap when the card is inserted 

2. assuming the correct Mondex card is inserted, the user will be presented 
with a screen which displays: 

• account name and number 

an account balance (note that most bank accounting systems 
do not provide real time balances; balances are usually updated 
daily) 

funds available for withdrawal (based upon account balance 
and a daily limit) 

» a field for entering an amount of money (in pounds sterling) to be 
deposited (or withdrawn) 

buttons for initiating a Mondex withdrawal or deposit and for 
accessing customer service. 
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3.8 Clear Mondex Card Exception Log 

1 . the user will be alerted by the Newton whenever a card is inserted with a 
full exception log and advised to contact the issuing bank's customer 
service. 



2. 



3. 



user accesses NatWest Bank's MoblDIC home page, which reminds him 
that nis Mondex card must be inserted to access his account and 
provides a button to tap when the card is inserted 

assuming the correct Mondex card is inserted, the user will be presented 
with a screen which displays 

account name and number 

an account balance (note that most bank accounting systems 
do not provide real time balances; balances are usually updated 
daily) 

funds available for withdrawal (based upon account balance 
and a daily limit) 

a field for entering an amount of money (in pounds sterlinq) to be 
deposited (or withdrawn) 

buttons for initiating a Mondex withdrawal or deposit and for 
accessing customer service. 



4. on 



■apping 'customer service', user is presented with a screen promptina 



the user to return the card to NatWest for exception log to be cleared 
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4. Architecture 



4.1 Logical Architecture 

The following diagram shows the logical architecture, for the initial pilot and 
beyond, which will fulfil generalised requirements of the kind specified in (BA) 
by supporting the external events and end user interfaces specified in 
previous sections of this document. 




V J 



The high-level functions of the various logical servers involved in a retail 
purchase need to be specified at this stage: 
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Catalogue 



Payment 



Content 



Provides a well-organised and presented description 
of goods for sale, together with prices and 
acceptable payment methods for the client to 
select 

Accepts payment from the client for defined goods 
by the selected mechanism, and returns a digital 
receipt 

Supplies digital goods to the client against a digital 
receipt 



The following points need to be made regarding these logical servers: 

• in a full service, the purchase of any particular item may involve the three 
servers operated by different organisations and in different locations 

• conversely, three logical servers may be implemented in one physical 
server. 

4.2 Physical Architecture 
4.2.1 Overview 

The physical architecture for the initial pilot is shown below. 




GSM SMS 
GSM data 



Smartcard Reader 
and Mondex card 



Motorola 
Newton/GSM 



Timeout Server 




Banking Server 



Schiphoi Server 



Payment Server 
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Some of the servers have some internal structure which is important from the 
point of view of development and operations. These structures are shown in 
the following sections. 

4.2.2 Banking Server 

The Banking server is comprised of .two components, linked by an ISDN 
connection: 

• the NatWest Server which implements the banking functions, accessible 
via TCP/IP connections and controls a rack of Mondex cards. 

• the Bank Web Server, which presents for clients an html interface to the 
functions provided by the NatWest server. 




4.2.3 Payment Server 

The payment server is comprised of two components, linked by an ethernet 
LAN: 

• the Retail Payment Server, which implements the payment function (i.e., 
receipt of Mondex value for purchases), accessible via TCP/IP connections 
and controls a rack of Mondex cards. 



the Retail Web Payment Server, which makes the payment function 
accessible over the Internet using the MoblDIC shopping protocol. 




4.2.4 Schiphol Server 
The Schiphol Server consists of: 

* Schiphol 's existing mainframe system with a new leased line interface to 
the Schiphol web server 
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• Schiphol Web Server, which maintains an image of the Schiphol 
mainframe database, which is made accessible via html pages. 




□ 



Schiphol Web 
Server 



Schiphol 
mainframe 



4.2.5 Timeout Server 



Updates to the Timeout database will be possible by secure, remote access 
using a standar web browser. re access 

4.3 Responsibilities 

The components are described below, together with the organisations 
responsible for delivering them for the initial pilot. "prions 



IfiResp* 



Smart card 
reader 



Mondex card 



Newton/GSM 
phone 



Initially, Gemplus GCR400 
serial device for ISO 7816 
cards; 

later, Gemplus GPR400 
PCMCIA reader/writer for ISO 
78 16 smart cards 

Sterling cards compatible 
with those issued in Swindon 
and Exeter 

A connected MP2000 and 
GSM phone 



GSM Network A UK GSM cellular network 

lsp An Internet Service Provider 

GIN Server 



The existing GIN server 




Hardware: 
Gemplus 
PCMCIA driver: 
SRL 



NatWest 



Hardware: 

Apple/Motorola 

Software: 

Lunatech/Hyperion 

Vodafone 

Lunatech 

GIN 
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Timeout server 



Schiphol Web 
Server 



A combined catalogue and 
content server, based on a 
Macintosh web server 



A combined catalogue and 
content server, based on a 
Unix web server 



Development- 
Hyperion 
Live data: 
Timeout 
Operations: 
Lunatech 

Development: 

Lunatech 

Live data: 

Schiphol 

Operations: 

Lunatech 



Schiphol 
mainframe 



Retail Web 

Payment 

Server 



Existing mainframe 
information system, with extra 
leased line interface to 
Schiphol Web server 

Provides a www front end to 
the Retail Web Server 



Retail Payment A Mondex- capable 
Server (RPS) payment server, accessible 
via TCP/IP 



Mondex card 
rack 

Bank Web 
server 



A peripheral providing a 
multiplicity of card readers 

Provides a www front end to 
the NatWest server (NWS) 



Upgrade: 
Schiphol 
Operations: 
Schiphol 

Interface to RPS spec: 
NatWest Bank 
Interface to client 
spec: 
Hyperion 
Development: 
Unisource/SRL 
Operations: 
Lunatech 

Specification and 
development: 
NatWest Bank 
Operations: 
Lunatech 

NatWest Bank 



Interface to NWS 
spec: 

NatWest Bank 

Interface to client 

spec: 

Hyperion 

Development: 

Unisource/SRL 

Operations: 

Lunatech 
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S est server A server allowing withdrawal NatWest Bank 
CiNWb) / deposit of Mondex value 
versus account debit / credit 
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5. Interfaces 



5.1 Introduction 

This section specifies message flows between components which result from 
certain of the external events specified in Section 2. In particular, it specifies 
messaging related to novel functionality provided by MoblDIC, in particular 
payment functionality, in the following contexts: 

"shopping", resulting from events Ul, U2 and U3 

"banking", resulting from events U5, U6 and U7. 



5.2 MIME types 

The shopping and banking protocols are defined in terms of a number of new 
MIME types. All of these MIME types have the same syntax. Specifically they 
consist of a series of fields as follows: 



• {<label>value} 



• where and are literal ASCII characters delimiting labels and values 

• label is a variable length field identifier consisting of ASCII characters 

• value is one of the following: 

• variable length ASCII field 

• fixed length binary field 

• variable length binary field (only permissible as the last field of a 
message) 

• { . . . } indicates repetition (i.e. not literal characters in messages / files). 

Fields may appear in any order, with the exception that a single variable 
length binary field, if present, must be the last field in the message. 

5.3 Shopping Protocol 
5.3.1 Overview 



The diagram below shows an overview of the shopping protocol , in terms of 
the logical architecture. For the pilot, catalogue server and content server 
TuncTionality will be combined (in the Schiphol server and in the Timeout 
server). 
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Request Internet 
Payment Ticket 



Web 

Catalogue 
Server 



Payment 
Server 



Web 

Content 

Server 



Internet Payment Tickeb 



Payment Request 



(eg. Mondex) Start Value Transfe r 



(eg. Mondex) Va£ue Transfer.Complete 
Digital Receipt 



Content Request 



Digitaj foods' or service 



The initial message " Request Internet Payment Ticket" is generated by the 
browser when the user selects an item to buy (Stage V in the user descrintinm 
of Events ui, U2, U3 (Section 3)). Stage V is competed wit" ^ Zce^TZ 
Internet Payment Ticket, from the Catalogue Server (Schiphol Server or 
imeout Server) which triggers the launch of the payment helper (i e a 
Mondex wallet screen). ' ' 

When the user confirms his acceptance of the proposed transaction (Stage 
VI), via the wallet screen, the helper sends an " Internet Payment Request- 
based upon the Internet Payment Ticket, to the Payment Server. 

Based upon the selected payment method (specified in the Internet Payment 
Request), a payment will be initiated using the appropriate method. The only 
supported method for the pilot will be Mondex. The Mondex payment will be 
initiated by the "Start Value Transfer" message as specified in (IFD-IFDJ The 

th ? Mondex Payment will be achieved as per (IFD-IFD), culminatinq in 
the Mondex Wallet helper sending a "Value Transfer Complete" message to 
the Payment Server. y 

On receipt of the Value Transfer Complete message (or equivalent message 
rrom a payment mechanism which may be supported in the future) the 
Payment Server will return a " Digital Receipt" .. 

The digital receipt will be forwarded in a "Content Request" message to a 
Content Server (i.e. the Schiphol Server or the Timeout Server). The Content 
Server will then check the authenticity of the digital receipt and deliver the 
purcnased information. 
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5.3.2 Request Internet Payment Ticket 

This is a standard http request from the browser indicating the user has 
selected a hypertext link. 

5.3.3 Internet Payment Ticket 

This is an http response containing the MIME type APPLICATION/IPT Fields 
defined for this MIME type for the pilot service are as follows: 



label; 



VER 



REF 



PRC 

CUR 
MTH 



CAT 



Version of this MIME 
type 



Product reference 
code; must be 
unique within the 
'CON.' URL (see 
below) 

Price in minor unit of 
currency (i.e. penny 
or cent etc.) 

Currency to be used 
in purchase 



unsigned binary l 
value in 1 byte 
field 



ASCII characters 



binary value in 6 
byte field, MSB first 
(as per (IFD-PA)) 

3-letter ISO 
4217code 



Acceptable payment Concatenated 4- 
methods character ASCII 

sub-fields, as per 
ISO 7816 
registration: thus 
'MXPACHIP' would 
indicate Mondex 
and Chipper are 
acceptable 
methods 



Can be 
assigned by 
developers of 
Schiphol and 
Timeout servers 

1 to 50,000 
(pence) 



Only 'GBP' is 
valid 

Only *MXPA' 
valid 



Unique identifier for 
catalogue 



ASCII 



Catalogue 
server's URL: 
denoting either 
Schiphol server 
or Timeout 
server 
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PAY URL of payment 
server 



CON URL of content 



ASCII 



ASCII 



Only one value 
will reach the 
payment server 

Either on the 
Schiphol or 
Timeout 
physical server 



5.3.4 Payment Request 

As per Internet Payment Ticket with the exceptions: 

• MIME type APPLICATION/IPT embedded within http request 

* SS ° nly ' ^ ° n Client P~«e- Clear.y 

5.3.5 Mondex Value Transfer 

m^D^n'^ 03 '' a " ™ ess °S es are over 'raw' TCP/IP connection, i.e. not http. 
The TCP/IP connection is initiated by the Mondex wallet helper after the 
t^omI Q payment ^quest; the server must listen on port 471 for the 

^iL C T + K eC ; 'T re T qU0St At the end of the Monde: < Valu ® Transfer (i.e. after 
receipt of the Value Transfer Complete reply), the Mondex wallet helper 
terminates the TCP/IP connection. 

Mondex transaction recovery will not be implemented for the pilot. 

5.3.6 Digital Receipt 

^pm^t^E/d^cS? 2°^° P ayment request), containing the MIME type 
APPLICATION/RECEIPT. Fields defined for this MIME type for the pilot service 

are as follows: 



ldbei Description ; i 


; * Bncoding^bf t 

"■Rvalue' 


^:^l|rpi^i^%s^^i 
■" ' iqltielfpj -pilcJ^S 


VER Version of this MIME 
type 


unsigned binary 
value in 1 byte 
field 


1 
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REF 



PRC 

CUR 
MTH 



CAT 



PAY 



CON 



Product reference 
code; must be 
unique within the 
x CON' URL (see 
below) 

Price in minor unit of 
currency (i.e. penny 
or cent etc.) 

Currency used in 
purchase 

Payment method 
used 



Unique identifier for 
catalogue 



URL of payment 
server 



URL of content 



ASCII characters Can be 

assigned by 
developers of 
Schiphol and 
Timeout servers 

binary value in 6 1 to 50,000 
byte field, MSB first (pence) 
(as per (IFD-PAJ) 



3- letterlSO 4217 
code 

4- character ASCII 
sub-fields, as per 
ISO 7816 
registration 

ASCII 



ASCII 



ASCII 



Only 'GBP' is 
valid 

Only X MXPA' 
valid 



Catalogue 
server's URL: 
denoting either 
Schiphol server 
or Timeout 
server 

Only one value 
will reach the 
payment server 

Either on the 
Schiphol or 
Timeout 
physical server 
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AUT An authorisation unsigned binary 4- Payment server 

code generated by byte field wi || allocate a 

The payment server uni seria| 

and checked by the number fQf 

content server eQch djgjtQj 

receipt; content 
servers may 
check serial 
number has not 
been presented 
. before 3 



5.3.7 Content Request 

As per digital receipt with the exception: 

• MIME type APPLICATION/RECEIPT embedded within http request. 

5.3.8 Digital Goods 
An http response. 

5.4 Banking Protocol 
5.4.1 Overview 

Ihownbetow 6 ° f meSSQ9eS when the client cruets banking transactions is 



^^w^cst** cre " kely to consis ' of pcvment di = i,ai 
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User / Web Banking 

Clicnt Server 



Select bank 



Services 



Identification 



Challenge 



I 

I Response 



Account Info 



Transaction Request 



i 

I, (eg. Mondex) Start Value Transfer 



(eg. Mondex) Value Transfer Complete ' 

I 

I ^ Account Info I 

This scenario starts with the user viewing via the browser the MoblDIC banking 
home page. On selection of the " National Westminster Bank pic" hypertext 
link (the only one present for the pilot), the bank responds with a message 
indicating the services which are available. The client software then identifies 
jhe user, based on information in his smart card. The bank then issues a 

Challenge" to authenticate the user. "Response" contains data for the 
ban* to verify the presence of a legitimate user of known identity. Once this 
has been completed, "Account Info" is supplied to the client. On selection of 

withdraw or " deposit" an appropriate " Transaction Request" is sent to the 
bank followed by the initiation of a "Value Transfer" (Mondex for the pilot) 
On completion, an indication of a success (or failure) together with updated 

Account Info" is sent to the client (for the pilot, there is no updated account 
miormation available in real time). 
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5.4.2 Select Bank 

This is an ordinan/ http request initiated by selecting a hypertext link. 

5.4.3 Services 

This is an http response containing the MIME type APPLICATION/BANKSERV 
Fields defined for this MIME type for the pilot service are as follows: 




VER 



MTH 



SER 



FAG 



Version of this MIME 
type 



Acceptable 
"payment" methods 



Available services 



Session tag for Web 
sen/er to link 
messages pertinent to 
the same Vun' of the 
client banking plug-in 



unsigned binary 1 
value in 1 byte 
field 



Concatenated 4- 
character ASCII 
sub-fields, as per 
ISO 7816 
registration: thus 
^MXPACHIP' would 
indicate Mondex 
and Chipper are 
acceptable 
methods 

Concatenated 4- 
character ASCII 
sub-fields: thus 
*WITHDEPO' would 
indicate 
withdrawal and 
deposit services 
(only) are 
available 

4-byte binary field 



Only *MXPA' 
valid 



v WITHDEPOBALA 
' indicating 
provision of 
withdrawal, 
deposit and 
account 
balance 
facilities 



Sequence 
number 
allocated by 
web server 



5.4.4 Identification 

This is an http request containing the MIME type APPUCATION/BANKID Fields 
defined for this MIME type for the pilot service are as follows: 
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label' 


Dp notion 


F n rri i n c\ c\ f ; ; : " ^ o ■ ■ 

value /(' : '^,-> j y;Jr., ■ ] 


• i-'e rm issi Die :^ ; - 






Rvalues for pilot 


VER 


Version of this MIME 
tvnp 


unsigned binary 
field 


1 


SCH 


Identification srhpinp 


value in 1 byte 
field 


1 = "Mondex 
PID' 


ID 


identification 


ASCII characters 


Any valid 
Mondex PID 


TAG 


Session tag for Web 
osrver to iinK 
messages pertinent to 
the same 7un' of the 
client banking plua-in 


4-byte binary field 


Sequence 
number 
allocated by 
web server 


5.4.5 


Challenge 







This is an http response containing the MIME type APPLICATION/CHALLENGE. 
Fields defined for this MIME type for the pilot service are as foilows: 



' label 



VER 



ME 1 



DAT 



... ..... ., , v , ..--v'--- W-^,,"-^^ 

DescHjptiok 



Version of this MIME 
type 



Authentication 
method 



Method specific 
data, for example 
random challenge 



:^valiie:||^^.. w _ 

unsigned binary 
value in 1 byte 
field 

unsigned binary 
value in 1 byte 
field 



1 



81(hex) = 
Mondex 
Personal Code 
Verification 



a variable number 7-byte field 
of bytes containing a 

Mondex 
'random seed' 
(see (IFD-PA)) 
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TAG 



Session tag for Web 
server to link 
messages pertinent to 
the same Vun' of the 
client banking plug-in 



4-byte binary field 



Sequence 
number 
allocated by 
web server 



5,4.6 Response 











VER 


Version of this MIME 


unsigned binary 
value in 1 byte 
field 


i 


MET 


Authentication 
method 


unsigned binary 
value in 1 byte 
field 


81 (hex) = 
Mondex 
Personal Code 
Verification 


DAT 


Method specific 
data, for example 
response to random 
challenge 


a variable number 
of bytes 


Contains a 
Mondex Crypto 
signature' (see 
(IFD-PA)) 


TAG 


Session tag for Web 
server to link 
messages pertinent to 
the same Vun' of the 
client banking pluq-in 


4-byte binary field 


Sequence 
number 
allocated by 
web server 



5.4.7 Account Info 

This is an hftp response containing the MIME type APPLICATION/ACCOUNT 
Fields defined for this MIME type for the pilot service are as follows: 



label 


Description 


Encoding of 


Permissible 7 






.' value 


values for pilots 
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VER 

BNK 

BCH 
NAM 
ACC 
CUR 

SER" 



BAL 



AVL 



TAG 



Version of this MIME unsigned binary 

value in 1 byte 
field 



type 
Bank name 



Branch Identifier 



ASCII string 



ASCII string 



Name of account ASCII string 



Account number 



Currency in which 
account is 
denominated 

Available services 



ASCII string 



3-letter ISO 4217 
code 



Concatenated 4- 
character ASCII 
sub-fields: thus 
'WITHDEPO' would 
indicate 
withdrawal and 
deposit services 
(only) are 
available 

Account balance in binary value in 6 
minor unit of currency byte field, MSB first 
(i.e. penny or cent, 
etc.) 



' National 

Westminster 

Bank' 

An NWB sort 
code 

Not present in 
the pilot 

As allocated by 
NWB 

Only 'GBP' is 
valid 



expected to be 
'WITHDEPOBALA 
' but 

dependent 
upon response 
from NatWest 
server 



(as per (IFD-PA)) 



Funds currently 
available for 
withdrawal 

Session tag for Web 
server to link 
messages pertinent to 
the same 'run' of the 
ciient banking plug-in 



binary value in 6 
byte field, MSB first 
(as per (IFD-PA)) 

4-byte binary field 



1 to 10 6 -1 
(pence) 



Not present in 
the pilot 



Sequence 
number 
allocated by 
web server 



Optional in protocol, but to be implemented in pilot 
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5.4.8 Transaction Request 



This is an http request containing the MIME type APPLICATION/BANKING 
Fields defined for this MIME type for the pilot service are as follows: 



label 


v .. Description 




-;.;;:] Permissil^^ 


VER 


Version of this MIME 
type 


unsigned binary 
value in 1 byte 
field 


1 


BNK 


Bank name 


ASCII string 


'National 

Westminster 

Bank' 


BCH 


Branch Identifier 


ASCII string 


An NWB sort 
code 


NAM 


Name of account 


ASCII string 


Any printable 
characters 


ACC 


Account number 


ASCII string 


As allocated by 
NWB 


CUR 


Currency in which 
account is 

(ipnnfninntoH 

v-J^I 1 III l\_Jlt?VJ 


3-letter ISO 4217 
code 


Only l GBP' is 
valid 


TYP 


Type of Transaction 


unsigned binary 
value in 1-byte 
field 


0 - reserved (for 
no further 
transactions) 

1 = 'withdraw' 

2 = 'deposit' 5 


VAL 


Value associated with 
transaction 


binary value in 6 
byte field, MSB first 
(as per (IFD-PA)) 


i - sa ooo 

(pence) 


TAG 


Session tag for Web 
server to link 
messages pertinent to 
the same Vun' of the 
client banking plua-in 


4-byte binary field 


Sequence 
number 
allocated by 
web server 



-uture transection types may require additional fields. 
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5.4.9 Mondex Value Transfer 



P S^n ); Q messa 9 es are over >raw ' TCP/IP connection, i.e. not htto 
i he TCP/IP connection is initiated by the Mondex wallet helper after the 
?A S d nl° h ° f thG transaction request; the server must listen on port 471 for the 
i CP/IP connection request. At the end of the Mondex Value Transfer (i e after 
rece.pt of the Value Transfer Complete reply), the Mondex wallet he peT 
Terminates the TCP/IP connection. P 

Mondex transaction recovery will not be implemented for the pilot. 
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Version History 



Version 

0-1 

0-2 

0-3 
0-4 



1-0 



1-1 



08/10/96 
18/10/96 

30/10/96 
05/11/96 



11/11/96 



15/11/96' 



; Status . [ : / - j;:^:;';; 

Pre-release for early feedback; only Sections 
1-3 completed. 

Pre-release containing component 
descriptions and organisational 
responsibilities (Section 4) 

Pre-release containing a specification of the 
."shopping protocol" 

First complete draft, including banking 
protocol; 

Minor (but crucial to implementors!) 
changes to shopping and banking 
protocols: 

• TCP/IP connection for value transfer 
initiated by client 

• " Value Transfer Complete" message 
sent by server 

Released after review with Unisource and 
NatWest (6/1 1/96). Modifications made to 
banking and shopping protocols. 

Minor modifications to user interface 
descriptions, reflecting the actual data 
available from Timeout and the existing 
demonstrations. 

Availably of remote updates to Timeout 
database stipulated. 

Responsibilities modified to reflect current 
project arrangements. 

Minor modifications to shopping and 
banking protocols modified following 
feedback from implementors. Specifically: 

-! binary field s are in general fixed length 



Uniworld/MoblDIC 



Pcge 33 



PRJ 228 - Systems Analysis 



Ver'l-2 17-01-97 



1-2 17/11/96 



• CON field added to digital receipt 

• SER field present in 'Account Info' 
message 

• re-defined TAG field present in all 
banking protocol messages 

• values of TYP field re-defined 

• monetary values are transmitted MSB first 

Overview changed to match evolving 
business opportunities 
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